Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Controlling high bandwidth aggregates in the network
ACM SIGCOMM Computer Communication Review
Defending Against Denial-of-Service Attacks with Puzzle Auctions
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Mitigating Distributed Denial of Service Attacks with Dynamic Resource Pricing
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
IEEE/ACM Transactions on Networking (TON)
Moderately hard, memory-bound functions
ACM Transactions on Internet Technology (TOIT)
Inferring Internet denial-of-service activity
ACM Transactions on Computer Systems (TOCS)
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
To filter or to authorize: network-layer DoS defense against multimillion-node botnets
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
TVA: a DoS-limiting network architecture
IEEE/ACM Transactions on Networking (TON)
A middleware system for protecting against application level denial of service attacks
Proceedings of the ACM/IFIP/USENIX 2006 International Conference on Middleware
Probabilistic Modeling and Analysis of DoS Protection for the ASV Protocol
Electronic Notes in Theoretical Computer Science (ENTCS)
Mitigating DoS attack through selective bin verification
NPSEC'05 Proceedings of the First international conference on Secure network protocols
Adaptive Defense Against Various Network Attacks
IEEE Journal on Selected Areas in Communications
Hi-index | 0.00 |
Denial-of-service (DoS) attacks are considered within the province of a shared channel model in which attack rates may be large but are bounded and client request rates vary within fixed bounds. In this setting, it is shown that clients can adapt effectively to an attack by increasing their request rate based on timeout windows to estimate attack rates. The server will be able to process client requests with high probability while pruning out most of the attack by selective random sampling. The protocol introduced here, called Adaptive Selective Verification (ASV), is shown to use bandwidth efficiently and does not require any server state or assumptions about network congestion. The main results of the paper are a formulation of optimal performance and a proof that ASV is optimal.